Press J to jump to the feed. Press question mark to learn the rest of the keyboard shortcuts
64
Posted by
Meow 馃悎馃悎Meow 馃惐馃惐 Meow Meow馃嵑馃悎馃惐Meow A+!
2 years ago
Archived

CCNAv3 - So what is BGP?

Since /u/PsychoMet started the v3 chat with his excellent MPLS as a WAN service post I figured I would continue the conversation with a bit of a BGP primer. So enjoy!

Currently all the routing protocols you have studied under the CCNA have been Interior Gateway Protocols, IGPs are designed to be fast and to service the needs of companies and enterprises. BGP on the other hand is a Exterior Gateway Protocol (the only EGP really) which is designed to be very deterministic and scalable.

While you can generally expect EIGRP to form a neighbor in and exchange routes in a matter of seconds, it is not uncommon for BGP to take several minutes to form a neighbor and learn all the routes. This is because the BGP table is far bigger than what a IGP can support. Currently the internet routing table has ~587000 active routes.\

BGP itself is a fairly simple protocol but its complexity comes from it having hundreds of features that can adjust virtually everything you can think of about the connection and how you want to route traffic.

One thing to keep in mind is that BGP is generally not considered to be a routing protocol, rather it is a TCP application that runs over port 179. BGP does still rely on IGPs to provide the underlying connectivity end to end. It is best to think of BGP has a "Policy enforcement protocol" (my term) because it allows very granular traffic control.

At the CCNA level you only really need to know how to form a BGP peering and how to advertise a network so let's have a look at that.

Diagram

The network in this is fairly simple: R01 and R02 have a loopback interface and are connected to a ISP XR router (just for you /u/arming10) the ISP router has two loopbacks as well in order to simulate the internet.

---R01---

R01(config-if)#do sh ip int br
Interface                  IP-Address      OK? Method Status                Protocol
GigabitEthernet0/0         10.255.1.158    YES NVRAM  up                    up      
GigabitEthernet0/1         200.1.1.1       YES manual up                    up      
Loopback0                  10.254.1.1      YES manual up                    up

---R02---

R02(config-if)#   do sh ip int br
Interface                  IP-Address      OK? Method Status                Protocol
GigabitEthernet0/0         10.255.1.159    YES NVRAM  up                    up      
GigabitEthernet0/1         200.1.2.2       YES manual up                    up      
Loopback0                  10.254.2.2      YES manual up                    up 

---ISP---

RP/0/RP0/CPU0:XRV01(config)#do show ipv4 interface brief | include default
Sun Jul 10 05:04:41.075 UTC
Loopback1                      8.8.8.8         Up              Up       default 
Loopback2                      8.8.4.4         Up              Up       default 
GigabitEthernet0/0/0/0         200.1.1.254     Up              Up       default 
GigabitEthernet0/0/0/1         200.1.2.254     Up              Up       default

Since I'm using a fancy ISP router here is the config you can use with a regular IOS router, we'll explain what we are doing when we do the other routers.

ISP#    sh run | s router bgp
router bgp 100
 bgp log-neighbor-changes
 neighbor 200.1.1.1 remote-as 1
 neighbor 200.1.2.2 remote-as 2
 network 8.8.8.8 mask 255.255.255.255
 network 8.8.4.4 mask 255.255.255.255

If you are /u/arming10 and want to see the XR configuration then here is the basic config

RP/0/RP0/CPU0:XRV01(config)#show run router bgp
Sun Jul 10 05:44:43.950 UTC
router bgp 100
 bgp router-id 200.1.1.254
 address-family ipv4 unicast
  network 8.8.4.4/32
  network 8.8.8.8/32
 !
 neighbor 200.1.1.1
  remote-as 1
  address-family ipv4 unicast
   route-policy PASS in
   route-policy PASS out
  !
 !
 neighbor 200.1.2.2
  remote-as 2
  address-family ipv4 unicast
   route-policy PASS in
   route-policy PASS out
  !
 !
!
RP/0/RP0/CPU0:XRV01(config)#show run route-policy PASS 
Sun Jul 10 05:44:57.562 UTC
route-policy PASS
  pass
end-policy

The first thing to do before you start working on any protocol is to make sure your base configs are good so I'll make sure R01 and R02 can ping its upstream neighbor.

R01(config)#do ping 200.1.1.254
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 200.1.1.254, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/6/8 ms

R02(config)#     do ping 200.1.2.254
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 200.1.2.254, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 7/7/10 ms

Next we'll enter the bgp configuration by typing router bgp <as number> the AS number is given to you by the ISP if it is private or IANA if your company has bought a AS#, we'll use AS1 for R01 and AS2 for R02, the ISP router will use AS100

R01(config)#router bgp ?
  <1-4294967295>  Autonomous system number
  <1.0-XX.YY>     Autonomous system number

R01(config)#router bgp 1 


R01(config-router)#neighbor 200.1.1.254 remote-as 100
R01(config-router)#
*Jul 10 05:08:04.325: %BGP-5-ADJCHANGE: neighbor 200.1.1.254 Up 

Assuming you pasted in the ISP config then you should see the neighbor come up in about 30 seconds to a minute.

We can check if the connection is up with the show bgp ipv4 unicast summary command, the key points to look for is the State section to be a number, this means the connection is established and it is showing you how many BGP prefixes the neighbor is sharing with you. If it is in any other state then BGP isn't fully connected but my intent isn't to cover every little thing.

R01#show bgp ipv4 unicast summary 
BGP router identifier 10.254.1.1, local AS number 1
BGP table version is 4, main routing table version 4
3 network entries using 432 bytes of memory
3 path entries using 240 bytes of memory
2/2 BGP path/bestpath attribute entries using 304 bytes of memory
1 BGP AS-PATH entries using 24 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 1000 total bytes of memory
BGP activity 3/0 prefixes, 3/0 paths, scan interval 60 secs

Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
200.1.1.254     4          100       4       5        4    0    0 00:00:45        2

The last thing to do is to advertise some networks, BGP uses the network command to advertise networks but it operates differently then it does for IGPs like OSPF. With OSPF the network command activates the protocol on the interface that matches the network statement. In BGP the network command literally tells BGP what route to advertise, the network statement must exactly match a route in the routing table for it to work.

R01(config-router)#network 10.254.1.1 mask 255.255.255.255

We can have a look at the BGP routes with the show bgp ipv4 unicast command, you can look at show ip route as well but this command provides much more BGP specific information. At this point we should see that R01 has learned the ISP 8.8.8.8/32 and 8.8.4.4/32 routes from AS100. You can tell what routes you are advertising by looking for 0.0.0.0 as a next hop and the weight will be set to 32768, there will also be an empty path.

One last thing to note about the command is that > shows the path is best and active, if BGP doesn't know how to reach the next-hop for example then you would just see * and the route will not appear in the routing table.

R01#show bgp ipv4 unicast 
BGP table version is 4, local router ID is 10.254.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter, 
              x best-external, a additional-path, c RIB-compressed, 
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 *>  8.8.4.4/32       200.1.1.254              0             0 100 i
 *>  8.8.8.8/32       200.1.1.254              0             0 100 i
 *>  10.254.1.1/32    0.0.0.0                  0         32768 i

Let's do the same thing with R02

R02(config)#router bgp 2
R02(config-router)# neighbor 200.1.2.254 remote-as 100
R02(config-router)# network 10.254.2.2 mask 255.255.255.255
R02(config-router)#
*Jul 10 06:08:03.405: %BGP-5-ADJCHANGE: neighbor 200.1.2.254 Up 
R02(config)#do show bgp ipv4 unicast
BGP table version is 5, local router ID is 10.254.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter, 
              x best-external, a additional-path, c RIB-compressed, 
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 *>  8.8.4.4/32       200.1.2.254              0             0 100 i
 *>  8.8.8.8/32       200.1.2.254              0             0 100 i
 *>  10.254.1.1/32    200.1.2.254                            0 100 1 i
 *>  10.254.2.2/32    0.0.0.0                  0         32768 i

R02(config)#do show ip route bgp
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       a - application route
       + - replicated route, % - next hop override, p - overrides from PfR

Gateway of last resort is not set

      8.0.0.0/32 is subnetted, 2 subnets
B        8.8.4.4 [20/0] via 200.1.2.254, 00:00:49
B        8.8.8.8 [20/0] via 200.1.2.254, 00:00:49
      10.0.0.0/32 is subnetted, 2 subnets
B        10.254.1.1 [20/0] via 200.1.2.254, 00:00:49

At this point R01 and R02 have a BGP peering with the ISP router and we can see that each router has learned the other's loopback network and also the ISP router's loopbacks. So do we have connectivity?

R01#  ping 8.8.8.8
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 5/6/9 ms
R01#  ping 8.8.4.4
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.4.4, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/6/8 ms

We can ping our fake Google IPs!!! But can we ping R02's loopback address?

R01# ping 10.254.2.2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.254.2.2, timeout is 2 seconds: ..... Success rate is 0 percent (0/5)

Hmm it doesn't work...how come? Well troubleshooting is a big part of v3 so let's turn on debug ip packet on R02 and see why the ping is failing.

R02(config)#do debug ip packet
IP packet debugging is on
R02(config)#
*Jul 10 06:14:47.589: IP: s=200.1.1.1 (GigabitEthernet0/1), d=10.254.2.2, len 100, input feature, MCI Check(109), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Jul 10 06:14:47.590: IP: tableid=0, s=200.1.1.1 (GigabitEthernet0/1), d=10.254.2.2 (Loopback0), routed via RIB
*Jul 10 06:14:47.592: IP: s=200.1.1.1 (GigabitEthernet0/1), d=10.254.2.2, len 100, rcvd 4
*Jul 10 06:14:47.592: IP: s=200.1.1.1 (GigabitEthernet0/1), d=10.254.2.2, len 100, stop process pak for forus packet
*Jul 10 06:14:47.593: IP: s=10.254.2.2 (local), d=200.1.1.1, len 100, unroutable

Hmm so it says that the 200.1.1.1 address is unroutable, does R02 know how to reach 200.1.1.0/24 network?

 R02(config)#do sh ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       a - application route
       + - replicated route, % - next hop override, p - overrides from PfR

Gateway of last resort is not set

      8.0.0.0/32 is subnetted, 2 subnets
B        8.8.4.4 [20/0] via 200.1.2.254, 00:03:18
B        8.8.8.8 [20/0] via 200.1.2.254, 00:03:18
      10.0.0.0/32 is subnetted, 2 subnets
B        10.254.1.1 [20/0] via 200.1.2.254, 00:03:18
C        10.254.2.2 is directly connected, Loopback0
      200.1.2.0/24 is variably subnetted, 2 subnets, 2 masks
C        200.1.2.0/24 is directly connected, GigabitEthernet0/1
L        200.1.2.2/32 is directly connected, GigabitEthernet0/1

No it doesn't! However it does know how to reach R01's loopback address, let's try sourcing the ping with the loopback.

R01#  ping 10.254.2.2 source loopback0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.254.2.2, timeout is 2 seconds:
Packet sent with a source address of 10.254.1.1 
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 13/14/15 ms

That works! This highlights a unique behavior of BGP.

Because BGP only advertises exactly what the network statement says, you need to be careful with what you are advertising or not advertising. The other thing to ponder is whether or not this is an issue for your network.

In BGP the 200.1.1.0/24 and 200.1.2.0/24 links are transit links that would likely never be sourcing traffic outside of a ping test so it may be perfectly valid to never advertise them into BGP.

For completeness you can make the ping work by either advertising the subnets or by adding default routes on each router that points to the ISP.

That's all for tonight folks.

17 comments
97% Upvoted
This thread is archived
New comments cannot be posted and votes cannot be cast
CCNA RS/W, BCNP, BCvRE
5 points2 years ago

Great write up! It's nice to see some IOS-XR love, it's quite rare in here.

And for those who doubt of BGP's flexibility, the route selection process takes 13 different parameters into account. For each route.

That's the main reason it's used at the ISP level. Flexibility and granularity like this allows for a lot of political and economical routing decisions, compared to the purely technical decisions of IGPs.

Meow 馃悎馃悎Meow 馃惐馃惐 Meow Meow馃嵑馃悎馃惐Meow A+!
Original Poster4 points2 years ago

You gotta love a router that has a built-in VIM editor :)

CCNA RS/W, BCNP, BCvRE
2 points2 years ago

Yeah, our backbone is made mostly of CRS-1, CRS-3, and ASR9000 (and way too many 6509). The first time someone sends you a bit of XR config, it's quite surprising.

They are too fancy and expensive for me to be able to play with though, so I haven't touched much of IOS-XR apart from labs and simulations. I just blow peoples mind with Tcl scripts.

Meow 馃悎馃悎Meow 馃惐馃惐 Meow Meow馃嵑馃悎馃惐Meow A+!
Original Poster2 points2 years ago

VIRL's XRv node is pretty solid, it has some limitations if your trying for your CCIE-SP but they have a XR 9000 image that solves some of the pain points.

CCNA RS/W, BCNP, BCvRE
2 points2 years ago

One day, I'll be able to afford a server and VIRL and I'll be very happy. So much fun to be had with weird, overly complex, completely useless architectures, just like our real network...

Meow 馃悎馃悎Meow 馃惐馃惐 Meow Meow馃嵑馃悎馃惐Meow A+!
Original Poster3 points2 years ago

It is a great investment, I use VIRL almost daily...though I freely admit that I'm a very advanced user and I'm used to openstack and linux so I don't have a problem with using openssl and quagga to glue things together for my crazy labs. Even if you don't get it, there is plenty of value in a beefy server :)

CCNA R&S
1 point2 years ago

I hope some day it will support l2vpn data forwarding, not just control plane.

Meow 馃悎馃悎Meow 馃惐馃惐 Meow Meow馃嵑馃悎馃惐Meow A+!
Original Poster1 point2 years ago

One day maybe, most hardware functions tend to be control plane only unfortunately. Then again the actual XRv product is around mainly to be a route-reflector etc and if it happens to help out with learning etc then that is cool too. Maybe now that most of the CCIEs are virtual they will put more effort into it.

Then again I have had quite a few debates about VIRL and CCIE limitations since if VIRL can't support private-vlans or L2VPNs then the CCIE lab likely can't support it either so it really comes down to how badly Cisco wants to test on those features.

炉\_(銉)_/炉
1 point2 years agoedited 1 year ago

0.7105903189935922

CCENT
2 points2 years ago

Can you ELI5 the signifigance of transit links? I see them referenced in BGP topics a lot.

The impression I'm getting is that BGP neighborships are built virtually on top of their actual data links?

Meow 馃悎馃悎Meow 馃惐馃惐 Meow Meow馃嵑馃悎馃惐Meow A+!
Original Poster2 points2 years ago

A transit interface is a peering interface that isn't relevant to the traffic forwarding decision. Traffic just flows through it.

From my example above the loopbacks can reach each other without the 200 subnets being advertised. The only consequence is that a ping sourced from the 200 interface will fail because the subnet isn't known by the other router.

CCNA R&S
1 point2 years ago

Very well done!

CCNA R&S, Net+
1 point2 years ago

Discussing about whether to advertise a network in BGP or not, could I run, for example, OSPF inside my network and advertise all networks inside, but only advertise select networks in BGP that I want to be reachable from the outside?

Meow 馃悎馃悎Meow 馃惐馃惐 Meow Meow馃嵑馃悎馃惐Meow A+!
Original Poster2 points2 years agoedited 2 years ago

Yup, keep in mind that for a standard BGP connection you would only advertise public IP ranges. You would only advertise private ranges if it was a mpls carrier. I was just being lazy in the example.

In the case of mpls you would mutually redistribute your IGP into BGP and vice versa, you might also filter the BGP transit network from entering the IGP but the CCNA keeps it simple.

CCNA R&S, Net+
1 point2 years ago

I (admittedly only briefly) tried a NAT experiment with OSPF last week where I tried to advertise the outside interface range and get pings to work across my three routers. The only way I could think to advertise the outside range without using a static route was by setting up a loopback with a /24 and advertising that subnet in OSPF. It didn't work and I was stressing over being ready for the ICND1 so I didn't spend a lot of brainpower over it. But maybe that solution is easier in BGP? Keep in mind I've only studied ICND1-level OSPF. I know there's still much to learn in ICND2.

Meow 馃悎馃悎Meow 馃惐馃惐 Meow Meow馃嵑馃悎馃惐Meow A+!
Original Poster2 points2 years ago

When routing with NAT you have to keep the order of operations in mind, for inbound nat - nat is done first then routing but with outbound nat - routing is done first and then nat happens so you need to make sure router knows how to reach the destination address.

Though we would need to see your NAT config to see where it went wrong.

I am glad that Cisco is including BGP and all, but why single-homed? It actually makes more sense not to BGP Peer in a single-homed environment.

Community Details

32.7k

Subscribers

291

Online

Create Post
r/ccna Rules
1.
No posting of illegal materials
2.
No posting of braindumps
3.
Be courteous and helpful
4.
Don't ask others to complete your labs
Cookies help us deliver our Services. By using our Services or clicking I agree, you agree to our use of cookies.Learn More.